Can now generate keypair, seal both parts to a file and unseal them, if the file already exists.

App/App.cpp

@@ -542,6 +542,7 @@ int write_protobuf_msg_to_fd(int accept_fd, google::protobuf::MessageLite& messa
 
 uint32_t write_to_fd(int fd, uint8_t* msg, uint32_t* expected_msg_length)
 {
+  lseek(fd, 0, SEEK_SET); 
   ssize_t bytes_written; 
   bytes_written = write(fd, msg, *expected_msg_length);
   if(bytes_written <= 0)
@@ -552,13 +553,14 @@ uint32_t write_to_fd(int fd, uint8_t* msg, uint32_t* expected_msg_length)
   return 0;
 }
 
-uint32_t read_from_fd(int fd, uint8_t* msg, uint32_t* expected_msg_length)
+uint32_t read_from_fd(int fd, uint8_t* msg, size_t* expected_msg_length)
 {
   ssize_t bytes_read;
   lseek(fd, 0, SEEK_SET);
   bytes_read = read(fd, msg, *expected_msg_length);
   if(bytes_read <= 0)
     return 0xFFFFFFFF;
+  *expected_msg_length = bytes_read; 
   return 0;
 }
 
@@ -690,34 +692,39 @@ int local_attestation_initiator(__attribute__((unused))   uint8_t* expected_mr_s
   	fflush(stdout);
 	return 0;
 }
-/*
-uint32_t unseal_signing_key_pair_from_disk(int fd, __attribute__((unused))  sgx_ec256_public_t* pub_key, uint32_t* actual_sealed_msg_length)
+
+uint32_t unseal_signing_key_pair_from_disk(int fd, __attribute__((unused))  sgx_ec256_public_t* pub_key, size_t* actual_sealed_msg_length)
 {
   uint32_t ret_status;
   uint8_t* sgx_sealed_msg;
-  sgx_sealed_msg = (uint8_t*) malloc(*actual_sealed_msg_length);
+  printf("expected read 0x%ld\n", *actual_sealed_msg_length); 
+  sgx_sealed_msg = (uint8_t*) malloc(0x300); // malloc(*actual_sealed_msg_length); (0x300 for EDL) 
   ret_status = read_from_fd(fd, sgx_sealed_msg, actual_sealed_msg_length);
   if(ret_status != 0)
   {
     free(sgx_sealed_msg);
     return 0xFFFFFFFF;
   }
-   
+  printf("actual read 0x%ld and ret_status 0x%x\n", *actual_sealed_msg_length, ret_status);  fflush(stdout); 
+  size_t counter; 
+  for(counter=0;counter<*actual_sealed_msg_length;counter++)
+	printf("%x ", *(sgx_sealed_msg+counter));
+  printf("\n");  fflush(stdout); 
   Decryptor_unseal_and_restore_sealed_signing_key_pair(e2_enclave_id, &ret_status, pub_key, sgx_sealed_msg, actual_sealed_msg_length);
   free(sgx_sealed_msg);
   return ret_status;
 }
-*/
-uint32_t create_and_seal_signing_key_pair_to_disk( __attribute__((unused))  int fd, __attribute__((unused))   sgx_ec256_public_t* pub_key, __attribute__((unused))  uint32_t* actual_sealed_msg_length)
+
+uint32_t create_and_seal_signing_key_pair_to_disk( __attribute__((unused))  int fd, __attribute__((unused))   sgx_ec256_public_t* pub_key)
 {
- uint32_t ret_status;
+  uint32_t ret_status;
   // Generating a signing ECDSA key to sign the encryption key.
   uint32_t length; 
-  Decryptor_calculate_sealed_data_size(e2_enclave_id, &length, SGX_ECP256_KEY_SIZE); // sgx_calc_sealed_data_size(0,3*SGX_ECP256_KEY_SIZE);
+  Decryptor_calculate_sealed_data_size(e2_enclave_id, &length, 3*SGX_ECP256_KEY_SIZE); // sgx_calc_sealed_data_size(0,3*SGX_ECP256_KEY_SIZE);
   if(length == 0xFFFFFFFF)
     return 0xFFFFFFFF;
-  printf("0x%x input msg, 0x%x bytes for sealed msg in parameter value\n", SGX_ECP256_KEY_SIZE, length); fflush(stdout); 
-  uint8_t* sealed_data=(uint8_t*) malloc(length);
+  printf("0x%x input msg, 0x%x bytes for sealed msg in parameter value\n", 3*SGX_ECP256_KEY_SIZE, length); fflush(stdout); 
+  uint8_t* sealed_data=(uint8_t*) malloc(0x300);
   printf("Made call to sgx_calc_sealed_data_size\n");  fflush(stdout); 
   Decryptor_create_and_seal_ecdsa_signing_key_pair(e2_enclave_id, &ret_status, pub_key, &length, sealed_data);
   if(ret_status != SGX_SUCCESS)
@@ -727,12 +734,14 @@ uint32_t create_and_seal_signing_key_pair_to_disk( __attribute__((unused))  int
     return 0xFFFFFFFF;
   }
   printf("It returned sgx_success\n"); fflush(stdout); // *actual_sealed_msg_length=length;
-  
+    
   ret_status = write_to_fd(fd, sealed_data, &length);
   free(sealed_data); 
-  if(ret_status > 0)
-	  *actual_sealed_msg_length = ret_status; 
-  return 0;
+//  if(ret_status > 0)
+//	  *actual_sealed_msg_length = ret_status; 
+//  return 0;
+
+return ret_status; 
 }
 
 int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
@@ -743,10 +752,11 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
     int launch_token_updated;
     sgx_launch_token_t launch_token;
 //    uint8_t* pub_key = (uint8_t*) malloc(2*SGX_ECP256_KEY_SIZE);
-    sgx_ec256_public_t pub_key; 
+    sgx_ec256_public_t pub_key;  uint32_t counter;
     
 
-  uint32_t actual_sealed_msg_length;
+//    long int actual_sealed_msg_length;
+    size_t sealed_msg_length_in_file; 
     status = sgx_create_enclave(Decryptor_PATH, SGX_DEBUG_FLAG, &launch_token, &launch_token_updated, &e2_enclave_id, NULL);
     if(status != SGX_SUCCESS)
     {
@@ -770,13 +780,23 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
     }
     printf("\nSuccessfully opened a file to seal the signing key pair for the client.\n");
     fflush(stdout);
-    int start = lseek(sealed_signing_key_fd, 0, SEEK_CUR);
-    int end = lseek(sealed_signing_key_fd, 0, SEEK_END);
-    if(start == end && start != -1)
+//    int start = lseek(sealed_signing_key_fd, 0, SEEK_SET);
+//    int end = lseek(sealed_signing_key_fd, 0, SEEK_END);
+      struct stat st; ret_status = fstat(sealed_signing_key_fd, &st);
+     //sealed_msg_length_in_file = st.st_size; 
+      if(ret_status != 0)
+      {
+	perror("error in finding the file size. -  ");
+        fflush(stderr); 
+	return 0xffffffff;
+
+      }      
+      sealed_msg_length_in_file = st.st_size;
+    if(sealed_msg_length_in_file == 0) //if(start == end && start != -1)
     {
       // TODO: file is empty. create signing key pair.
-      start = lseek(sealed_signing_key_fd, 0, SEEK_CUR);
-      ret_status = create_and_seal_signing_key_pair_to_disk(sealed_signing_key_fd, &pub_key, &actual_sealed_msg_length);
+      // int start = lseek(sealed_signing_key_fd, 0, SEEK_SET);
+      ret_status = create_and_seal_signing_key_pair_to_disk(sealed_signing_key_fd, &pub_key);
       if(ret_status != 0)
       {
         printf("\n error in generating the ecdsa signing key pair \n");
@@ -785,13 +805,21 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
       }
 	fflush(stdout);
       printf("\n Generated the ecdsa key pair successfully - gx, gy\n");
+      for(counter=0;counter<32;counter++)
+        printf("0x%x ",pub_key.gx[counter]);
+      printf("\n");
+      for(counter=0;counter<32;counter++)
+                printf("0x%x ",pub_key.gy[counter]);
+      printf("\n");
+      fflush(stdout);
+
       fflush(stdout);
     }
-/*    else {
-      start = lseek(sealed_signing_key_fd, 0, SEEK_CUR);
-      if(actual_sealed_msg_length == 0)
-        actual_sealed_msg_length = end - start;
-      ret_status = unseal_signing_key_pair_from_disk(sealed_signing_key_fd, &pub_key, &actual_sealed_msg_length);
+    else {
+//      start = lseek(sealed_signing_key_fd, 0, SEEK_CUR);
+  //    if(actual_sealed_msg_length == 0)
+  //      actual_sealed_msg_length = size; // - start;
+      ret_status = unseal_signing_key_pair_from_disk(sealed_signing_key_fd, &pub_key, &sealed_msg_length_in_file);
       if(ret_status != SGX_SUCCESS)
       {
         printf("\n error in unsealing the ecdsa signing key pair:%d \n", ret_status);
@@ -799,9 +827,15 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
         return 0xFFFFFFFF;
       }
       printf("\n Recovered the ecdsa key pair successfully - gx, gy\n");
+      for(counter=0;counter<32;counter++)
+	printf("0x%x ",pub_key.gx[counter]);
+      printf("\n");
+      for(counter=0;counter<32;counter++)
+	        printf("0x%x ",pub_key.gy[counter]);
+      printf("\n");
       fflush(stdout);
     }
-*/
+    close(sealed_signing_key_fd); 
 
     // TODO: Continue with other msgs - send sign(enc | verifier mr_enclave)
     sgx_destroy_enclave(e2_enclave_id);

LocalAttestationCode/EnclaveMessageExchange.cpp

@@ -234,39 +234,88 @@ void deserialize_string_to_public_private_key_pair(uint8_t* private_public_key_s
 
 uint32_t create_and_seal_ecdsa_signing_key_pair(__attribute__((unused))   sgx_ec256_public_t* pub_key, __attribute__((unused))  uint32_t* sealed_data_length, __attribute__((unused)) uint8_t* sealed_data)
 {
-    uint32_t ret_status; sgx_ec256_private_t private_key; 
+    uint32_t ret_status; sgx_ec256_private_t private_key;  uint32_t counter;
     ret_status=create_ecdsa_key_pair(pub_key, &private_key);
     if(ret_status!=SGX_SUCCESS)
        return ret_status;
+    for(counter=0;counter<SGX_ECP256_KEY_SIZE; counter++)
+	signing_priv_key.r[counter]=private_key.r[counter]; 
     // generating the entire string as there is no SGX function to generate the public key from the private one.
-  //  uint8_t* private_public_key_string = (uint8_t*) malloc(3*SGX_ECP256_KEY_SIZE);
-uint8_t* sealed_data2 = (uint8_t*) malloc(*sealed_data_length);
+    uint8_t* private_public_key_string = (uint8_t*) malloc(3*SGX_ECP256_KEY_SIZE);
+    uint8_t* sealed_data2 = (uint8_t*) malloc(*sealed_data_length);
     // serializing keypair to string
-//    serialize_signing_key_pair_to_string(pub_key, &signing_priv_key, private_public_key_string);
-    // sealing serialized keypair to disk
+    serialize_signing_key_pair_to_string(pub_key, &private_key, private_public_key_string);
     uint8_t* private_key_string = (uint8_t*) malloc(SGX_ECP256_KEY_SIZE); 
-    uint32_t counter;
-for(counter=0;counter<SGX_ECP256_KEY_SIZE;counter++)
+    for(counter=0;counter<SGX_ECP256_KEY_SIZE;counter++)
 	*(private_key_string+counter)=private_key.r[counter];
-  // sgx_seal_data(0, NULL,  3*SGX_ECP256_KEY_SIZE, private_public_key_string, *sealed_data_length, (sgx_sealed_data_t*) sealed_data2);
-//uint8_t mydata[32]={1}; 
-     ret_status = sgx_seal_data(0, NULL, SGX_ECP256_KEY_SIZE, private_key_string, *sealed_data_length, (sgx_sealed_data_t*) sealed_data2); 
-for(counter=0;counter<*sealed_data_length;counter++)
+//    return *sealed_data_length;
+    ret_status = sgx_seal_data(0, NULL, 3*SGX_ECP256_KEY_SIZE, private_public_key_string, *sealed_data_length, (sgx_sealed_data_t*) sealed_data2); 
+    for(counter=0;counter<*sealed_data_length;counter++)
 	*(sealed_data+counter)=*(sealed_data2+counter); 
     free(sealed_data2);
-   free(private_key_string);  //free(private_key);  
-  //  free(private_public_key_string);
+    free(private_key_string);  //free(private_key);  
+    free(private_public_key_string);
 
-	return ret_status; // SGX_SUCCESS; 
+    return ret_status; // SGX_SUCCESS; 
 }
 
-
+/*
 uint32_t unseal_and_restore_sealed_signing_key_pair(__attribute__((unused)) sgx_ec256_public_t* pub_key, __attribute__((unused))  uint8_t* sealed_data, __attribute__((unused))   uint32_t* sgx_sealed_data_length)
 {
 	return SGX_SUCCESS; 
 
+}*/
+
+uint32_t unseal_and_restore_sealed_signing_key_pair(__attribute__((unused)) sgx_ec256_public_t* pub_key, uint8_t* sealed_data, size_t* sgx_sealed_data_length)
+{
+  uint32_t expected_plaintext_msg_length; uint8_t* temp_plaintext; uint32_t counter; uint32_t ret_status;
+  expected_plaintext_msg_length = sgx_get_encrypt_txt_len((sgx_sealed_data_t*)sealed_data);
+  if(expected_plaintext_msg_length == 0xffffffff)
+    return 0xFFFFFFFF;
+
+//  uint32_t return_status; 
+  uint8_t* sealed_data2 = (uint8_t*) malloc(*sgx_sealed_data_length); 
+  for(counter=0;counter<*sgx_sealed_data_length;counter++)
+  {
+	*(sealed_data2+counter)=*(sealed_data+counter); 
+  }
+
+  temp_plaintext = (uint8_t*)malloc( expected_plaintext_msg_length );
+  ret_status = sgx_unseal_data((sgx_sealed_data_t*)sealed_data2, NULL, 0, temp_plaintext, &expected_plaintext_msg_length);
+  if(ret_status != SGX_SUCCESS)
+  {
+    free(temp_plaintext);free(sealed_data2);
+    switch(ret_status)
+    {
+      case SGX_ERROR_MAC_MISMATCH:
+          // MAC of the sealed data is incorrect.          The sealed data has been tampered.
+          break;
+      case SGX_ERROR_INVALID_ATTRIBUTE:
+          // Indicates attribute field of the sealed data is incorrect.
+          break;
+      case SGX_ERROR_INVALID_ISVSVN:
+          // Indicates isv_svn field of the sealed data is greater than            the enclave�s ISVSVN. This is a downgraded enclave.
+          break;
+      case SGX_ERROR_INVALID_CPUSVN:
+          // Indicates cpu_svn field of the sealed data is greater than            the platform�s cpu_svn. enclave is  on a downgraded platform.
+          break;
+      case SGX_ERROR_INVALID_KEYNAME:
+          // Indicates key_name field of the sealed data is incorrect.
+          break;
+      default:
+          // other errors
+          break;
+    }
+    return ret_status;
+  }
+   
+  deserialize_string_to_public_private_key_pair(temp_plaintext, pub_key, &signing_priv_key);
+  free(temp_plaintext); free(sealed_data2);  
+  return SGX_SUCCESS;
 }
 
+
+
 uint32_t calculate_sealed_data_size( uint32_t input_size) 
 {
 //	*op_size=sgx_calc_sealed_data_size(0, input_size); 

LocalAttestationCode/LocalAttestationCode.edl

@@ -34,18 +34,16 @@ enclave  {
     include "sgx_eid.h"
     include "datatypes.h"
 //    include "sgx_tcrypto.h" // For some reason, this is not being detected - macros are not being resolved!
-#define SEALED_SIZE 592
+    #define SEALED_SIZE 768  // 656 // =0x300 (0x290 is the size of the sealed message when both the public(0x40) and private key(0x20) are included) 
     include "../Include/dh_session_protocol.h"
     trusted{
         public uint32_t session_request([out] sgx_dh_msg1_t *dh_msg1, [out] uint32_t *session_id);
         public uint32_t exchange_report([in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3, [in] uint32_t *session_id);
-//	public uint32_t create_ecdsa_signing_key_pair(); 
-//	public uint32_t create_ecdsa_signing_key_pair([in, out]sgx_ec256_public_t* pub_key);
         public uint32_t create_and_seal_ecdsa_signing_key_pair([out]sgx_ec256_public_t* pub_key, [in] uint32_t* sealed_data_length, [out, size=SEALED_SIZE] uint8_t* sealed_data);
-        public uint32_t unseal_and_restore_sealed_signing_key_pair([out] sgx_ec256_public_t* pub_key, [in] uint8_t* sealed_data, [in] uint32_t* sealed_data_length);
+        public uint32_t unseal_and_restore_sealed_signing_key_pair([out] sgx_ec256_public_t* pub_key, [in, size=SEALED_SIZE] uint8_t* sealed_data, [in] size_t* sealed_data_length);
         uint32_t create_ecdsa_key_pair([out] sgx_ec256_public_t* pub_key, [out] sgx_ec256_private_t* priv_key);
-void serialize_signing_key_pair_to_string([in] sgx_ec256_public_t* pub_key, [in] sgx_ec256_private_t* signing_priv_key, [out] uint8_t* private_public_key_string);
-        void deserialize_string_to_public_private_key_pair([in] uint8_t* private_public_key_string, [out] sgx_ec256_public_t* pub_key, [out] sgx_ec256_private_t* priv_key); 
+void serialize_signing_key_pair_to_string([in] sgx_ec256_public_t* pub_key, [in] sgx_ec256_private_t* signing_priv_key, [out, size=96] uint8_t* private_public_key_string);
+        void deserialize_string_to_public_private_key_pair([in, size=96] uint8_t* private_public_key_string, [out] sgx_ec256_public_t* pub_key, [out] sgx_ec256_private_t* priv_key); 
         public uint32_t end_session();
         public uint32_t calculate_sealed_data_size(uint32_t input_size); //, [out] uint32_t *opsize);